Comments (5)
I can take a closer look tomorrow, but my initial thoughts are that this is expected behaviour.
Dex provides a set of URL handlers, but nothing listening at '/` - think of it like an api-gateway.
Can you confirm the below URL returns a 200:
https://dex.ingress.dex-server.example.com/.well-known/openid-configuration
In order to authenticate via dex
, you initiate the request against the ingress configured for dex-k8s-authenticator
(so just browse to the ingress configured for that chart).
from dex-k8s-authenticator.
Also, I think you need to configure staticClients
in the dex config (which links back to the dex-k8s-authenticator app) using the shared secret.
You can refer to these examples:
example dex-k8s-authenticator config
example dex config
from dex-k8s-authenticator.
Is it mandatory to deploy dex-k8s-authenticator.
Below URL is returning 200, Dex Server is running fine.
https://dex.ingress.dex-server.example.com/.well-known/openid-configuration
Is this expected, accessing https://dex.ingress.dex-server.example.com/callback in the browser throws error "Bad Request. User session error."?
Also, execution of kubectl
prompts for https://microsoft.com/devicelogin instead of https://dex.ingress.dex-server.example.com
from dex-k8s-authenticator.
It's worth reading this - https://github.com/coreos/dex/blob/master/Documentation/kubernetes.md
This repo simply providers a web-ui that mimics what the example-app
described in the above url does, but also provides a web-interface for it and makes it easier to integrate with kubectl
Just to clarify, this repo. is not associated with the official Dex project.
The key task that this helper performs is to fetch an ID token from Dex. It then provides a helper web-page that lets you configure your kubernetes kubeconfig
with the correct credentials for the selected cluster, using the ID token provided by Dex. It would also let get a kubeconfig
for different clusters, which could have different authentication backends.
Without such a tool, the flow is pretty painful to mimic by hand (think bash-scripts, and cURL),
So to clarify, if you want to use kubectl
to authenticate via Dex, a tool like this (or similar as there are others) is usually needed.
Also, we provide the 'Dex' chart as a helper as we find people will deploy both Dex and dex-k8s-authenticator together. You certainly do not need to use our Dex chart - there is now a more recent official one, or you could roll your own (they generally tend to end up being very similar).
from dex-k8s-authenticator.
I believe this is resolved now, if not, feel free to open (related to #47)
from dex-k8s-authenticator.
Related Issues (20)
- Failed to query provider "https://dex.example.org/": 400 Bad Request: Client sent an HTTP request to an HTTPS server.
- invalid_scope: Unknown/invalid scope(s): [offline_access, groups] HOT 1
- Add trivy container scanning to gh-action.
- k8s_ca_pem_base64_encoded not used? HOT 1
- Support raw copy kubeconfig file
- Hardcoded Secret in Dex Authenticator ConfigMap HOT 16
- Ability to work outside of Dex HOT 2
- TLS v1.3 Unsupported HOT 2
- Crashloop with no logs between querying provider and verifying client HOT 1
- Finalize upstream helm repo HOT 3
- helm chart not found HOT 1
- Expose user IP address in the logs HOT 2
- UI: cluster names are empty
- Add a arm64 image HOT 1
- Project maintenance (finding a new home for this repo) HOT 1
- Template for ingress not working in newer Kubernetes HOT 1
- You must be logged in to the server HOT 1
- Current Docker image has CVE-2023-0286 HOT 1
- can we use dex-k8s-authenticator without dex
- dex-k8s-authenticator web-app like CLI app
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dex-k8s-authenticator.